I'm honestly surprised that I haven't yet seen a kernel patch implementing a tunable forbidding the scheduler from putting two vCPUs in sibling SMT cores.
If I had the time (which I don't), I would definitely consider writing my own PoC, based on the one described in the paper, and then fiddling around with small variations.
I'm starting to think there's something we haven't been told about Spectre #2. Real world exploitation seems _really_ hard, especially across domains, but still everyone involved is very worried about it. 🤔
Never been a fan of x86, but the amount of kludge we're adding to deal with Spectre #2 sets a new world record on ugliness. http://lkml.iu.edu/hypermail/linux/kernel/1801.1/05556.html
PSA: Don't manipulate containers while listening to "Pickle Rick! Remix". I've just tried to "dicker" something.
Being a parent makes you wonder about the biggest, hardest questions in life. Like, does the Paw Patrol work as a government sponsored service, or is it a premium service offered by some insurance companies?
Google being a bro here. Kudos to them.
My wife just told me that's not what normal people do. I guess she's right. Probably most of you have been backporting the x86/pti branch.
I tested it on Chrome (with the site isolation feature activated) on OpenBSD and it is not vulnerable, but my IDS (Suricata) with the ET/Snort updated rules for Spectre didn't detect anything at all. That's why even using an IDS I don't put too much trust in it; signature-based detection is easily fooled.
Don't panic if your browser comes out as vulnerable, this is just a PoC. A real attacker would need to find a vulnerable function already present in the browser, and AFAIK none have been found so far (and I'm pretty sure there's a bunch of people looking for them 😉)
@maiki have you seen this Eelo project thing? Privacy-centric LineageOS fork, designed to promote privacy-respecting cloud services, and a non-profit org set up to host development, sell phones preloaded and host some open source cloud services that you're also encouraged to self-host. Being spun up by the founder of Mandrake Linux.
Might need to be added to one of your watch lists.
Damn, I had to reduce the bandwidth of my Tor relay from 1MB/s to 250KB/s, as this RPi2 couldn't cope with the encryption load. Even with this change, CPU %user is barely under 100%.
Hm... so flannel with vxlan backend requires all endpoints to set an MTU equal to or lower than 1450. Good to know.